We have SOAP web services in production that are relying on SOAP Headers (containing plain client credentials) for the authentication. The WS are used in heterogeneous environments with .NET/Java/PHP/Python/C++ clients both web app or desktop app. We are considering a v2 for those WS and I am wondering what are considered as the best pr...
We don't exactly comply with the XML-RPC spec, but the concepts are nearly identical. A client comes in over HTTP/HTTPS with an XML payload. We respond with an XML payload answering the request. This is primarily machine to machine, so no human to type a username/password. Our construct runs within apache tomcat. We would like to au...
The JDBC realm specifies a table structure for authentication which contains the columns defined by the attributes userNameCol and userCredCol. These correspond to user and password which makes sense for FORM or BASIC auth-methods. They are interactive and require these two pieces from the client's user. What comes back from the cert...
I am trying to to set up the login control to remember the login credentials of a user who has previously entered their user name and password successfully. I set the remember me property to true, but it doesnt seem to triger any events where I could read the cookie and auto login the user. Is there a straightforward mechanism to accom...
I'd like to enumerate domain accounts and try authenticating as each with a limited set of passwords. The issue is that I can't find any way to attempt to validate credentials without "doing" something (e.g. querying wmi with impersonation) which isn't useful as the account may or may not have the ability to connect via wmi in the firs...
I am working on an ASP.NET application and am trying to add user authentication. As a first step, I am using the Web Site Administration tool (Website | ASP.NET Configuration) to manage users and permissions. Accessing this website is incredibly slow. To load the main page takes 30 seconds. When navigating to the Security page (also ...
How do I solve the error: Unable to read WSDL from URL: https://workflowtest.site.edu/_vti_bin/Lists.asmx?WSDL. Error: 401 Unauthorized. I can successfully view the WSDL from the browser using the same user account. I'm not sure which authentication is being used (Basic or Integrated). How would I find that out? The code making...
I have a PHP web application on an intranet that can extract the IP and host name of the current user on that page, but I was wondering if there is a way to get/extract their Active Directory/Windows username as well. Is this possible? ...
Here's my scenario. I created an application which uses Integrated Windows Authentication in order to work. In Application_AuthenticateRequest(), I use HttpContext.Current.User.Identity to get the current WindowsPrincipal of the user of my website. Now here's the funny part. Some of our users have recently gotten married, and their n...
I'm looking for a way to authenticate users through LDAP with PHP (with Active Directory being the provider). Ideally, it should be able to run on IIS 7 (adLDAP does it on Apache). Anyone had done anything similar, with success? Edit: I'd prefer a library/class with code that's ready to go... It'd be silly to invent the wheel when some...
I’m developing a website of a client and they are sending out newsletters to their customers (through the website administration interface) The newsletters are personal to each of the subscribed recipients/customers. Each recipient/ customer is also a user with a username/password that enables them to sign in on the website and manage t...
I am using an authentication attribute on some of my actions in an asp.net mvc page to refer people to a login screen if they have not authenticated. My problem is returning them to the referring page after they have logged in. I was just keeping track of the referring action and referring controller but that becomes problematic when I...
Is it possible to provide WCF with a custom proxy address and custom credentials? I've found this answer on stackoverflow: http://stackoverflow.com/questions/105499/how-to-set-proxy-with-credentials-to-generated-wcf-client, but I've got a complication, the service I'm authenticating against uses its own authentication, so I've got to u...
Hi! I want to download and parse webpage using python, but to access it I need a couple of cookies set. Therefore I need to login over https to the webpage first. The login moment involves sending two POST params (username, password) to /login.php. During the login request I want to retrieve the cookies from the response header and stor...
Is it possible to have transport security without authentication? I'm well aware of it's flaws but atm I can't install a certificate a the client side. It seems I can set WSHttpBinding.SecurityMode to Transport and the ClientCredentialType to HttpClientCredentialType.None, but when I try to call the service I get this exception: An erro...
Is it possible to grab activedirectory credentials for the user on a client machine from within a web application? To clarify, I am designing a web application which will be hosted on a client's intranet. There is a requirement that the a user of the application not be prompted for credentials when accessing the application, and that i...
Hey everyone, I was wondering, what's the best approach in creating users authentication for my asp.net-mvc web application. Should I use the Forms authentication using a custom MembershipProvider ? Or should I implement my own login and registration mechanism for my users? ...
In a project which uses restful_authentication with acts_as_state_machine and email activation, I get a double render error whenever a user does the activation action from the email link. I'm using the default def activate self.current_user = params[:activation_code].blank? ? false : User.find_by_activation_code(params[:activation_c...
Our Web application uses the ASP.Net AJAX Authentication Services to perform login/logout. Everything works great if the login/logout actions are initiated from client side via JavaScript. Question: When the session times out how do I call the AuthenticationService.Logout function from the SessionEnd event? Looking for a simple clean...
My web application is relying on container-managed security and I'm wondering if it's possible to use salted passwords at all. As far as I can tell it's easy enough to store digested passwords in a database by just configuring a JDBC or DataSource Realm, but there's no way to add a salt to those digest. Any suggestions? Edit: it seems...